Unsolved [Help] Kernel hook of NtSetInformationThread and NtQueryInformationThread, 50 snow coins
Posted: 1 day ago 173
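The VT code I am using is Hypervisor-From-Scratch.
As soon as I hook either one of these two APIs, it blue screens. The hook is empty: there is only a proxy function that jumps, with no extra code in it. I would like to ask the experts here: why does it blue screen?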
NTSTATUS Sys_NtQueryInformationThread(
    HANDLE ThreadHandle,                     // Thread handle (requires THREAD_QUERY_INFORMATION access)
    THREADINFOCLASS ThreadInformationClass,  // Type of information to query
    PVOID ThreadInformation,                 // Buffer that receives the result
    ULONG ThreadInformationLength,           // Buffer size
    PULONG ReturnLength                      // Size of the information actually returned (optional)
)
{
    return Original_NtQueryInformationThread(ThreadHandle, ThreadInformationClass, ThreadInformation, ThreadInformationLength, ReturnLength);
}
NMI_HARDWARE_FAILURE (80)
This is typically due to a hardware malfunction. The hardware supplier should
be called.
Arguments:
Arg1: 00000000004f4454, 'TDO'
Arg2: 0000000000000000, Status Byte
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
3: kd> k
 # Child-SP          RetAddr           Call Site
00 ffffac03`cfd9fd9f fffff801`3569892e Hypervisor!AsmInvept+0x5 [E:\vsxm\Driver\Hypervisor\MyHypervisorDriver\AsmEpt.asm @ 17]
01 ffffac03`cfd9fda7 fffff801`356989bc Hypervisor!Invept+0x4e [E:\vsxm\Driver\Hypervisor\MyHypervisorDriver\Invept.c @ 14]
02 ffffac03`cfd9fdf7 fffff801`35693ef6 Hypervisor!InveptSingleContext+0x4c [E:\vsxm\Driver\Hypervisor\MyHypervisorDriver\Invept.c @ 23]
03 ffffac03`cfd9fe47 fffff801`35691f43 Hypervisor!EptSetPML2AndInvalidateTLB+0x46 [E:\vsxm\Driver\Hypervisor\MyHypervisorDriver\Ept.c @ 1651]
04 ffffac03`cfd9fe77 fffff801`35694e8a Hypervisor!EptHandleMonitorTrapFlag+0xb3 [E:\vsxm\Driver\Hypervisor\MyHypervisorDriver\Ept.c @ 579]
05 ffffac03`cfd9fea7 fffff801`35691107 Hypervisor!VmxVmexitHandler+0x27a [E:\vsxm\Driver\Hypervisor\MyHypervisorDriver\Exit.c @ 154]
06 ffffac03`cfd9ff47 ffffac03`cfd9ff6f Hypervisor!AsmVmexitHandler+0x27 [E:\vsxm\Driver\Hypervisor\MyHypervisorDriver\AsmVmexitHandler.asm @ 41]
07 ffffac03`cfd9ff4f 00000000`00000000 0xffffac03`cfd9ff6f